ISACA CISM Certified Information Security Manager Online Training
The questions for CISM were last updated on Apr 24, 2025.
- Exam Code: CISM
- Exam Name: Certified Information Security Manager
- Certification Provider: ISACA
- Latest update: Apr 24, 2025
Which of the following is the MOST important requirement for the successful implementation of security governance?
- A . Mapping to organizational
- B . Implementing a security balanced scorecard
- C . Performing an enterprise-wide risk assessment
- D . Aligning to an international security framework
Which of the following would contribute MOST to employees’ understanding of data handling responsibilities?
- A . Demonstrating support by senior management of the security program
- B . Implementing a tailored security awareness training program
- C . Requiring staff acknowledgement of security policies
- D . Labeling documents according to appropriate security classification
Which of the following BEST reduces the likelihood of leakage of private information via email?
- A . User awareness training
- B . Email encryption
- C . Strong user authentication protocols
- D . Prohibition on the personal use of email
A new program has been implemented to standardize security configurations across a multinational organization. Following implementation, the configuration standards should:
- A . remain unchanged to avoid variations across the organization.
- B . be updated to address emerging threats and vulnerabilities.
- C . be changed for different subsets of the systems to minimize impact.
- D . not deviate from industry best practice baselines.
An information security manager's PRIMARY objective for presenting key risks to the board of directors is to:
- A . re-evaluate the risk appetite.
- B . quantify reputational risks.
- C . meet information security compliance requirements.
- D . ensure appropriate information security governance.
The PRIMARY purpose of asset valuation for the management of information security is to:
- A . prioritize risk management activities.
- B . provide a basis for asset classification.
- C . determine the value of each asset.
- D . eliminate the least significant assets.
Which of the following is the PRIMARY reason to invoke continuity and recovery plans?
- A . To achieve service delivery objectives
- B . To coordinate with senior management
- C . To enforce service level agreements (SLAs)
- D . To protect corporate networks
An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?
- A . Revise the information security strategy to meet executive management expectations.
- B . Escalate noncompliance concerns to the internal audit manager
- C . Report the risk and status of the information security program to the board.
- D . Demonstrate alignment of the information security function with business needs.
A policy has been established requiring users to install mobile device management (MDM) software on their personal devices.
Which of the following would BEST mitigate the risk created by noncompliance with this policy?
- A . Disabling remote access from the mobile device
- B . Requiring users to sign off on terms and conditions
- C . Issuing company-configured mobile devices
- D . Issuing warnings and documenting noncompliance
Which of the following provides the BEST input to maintain an effective asset classification program?
- A . Business impact analysis (BIA)
- B . Annual loss expectancy
- C . Vulnerability assessment
- D . Risk heat map